health
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs project audits by executing several local shell scripts (`scripts/*.sh`) and standard CLI tools including `git`, `npm`, `find`, and `grep`. These operations are scoped to auditing the current project directory.
- [EXTERNAL_DOWNLOADS]: Invokes `npm audit` and `npx ts-prune`, which are standard industry tools for vulnerability scanning and dead code detection. These tools interact with official registries (e.g., registry.npmjs.org).
- [SAFE]: Security scanning for hardcoded secrets is performed locally using regular expressions. The script identifies potential keys in the source code for reporting purposes but does not exfiltrate this data or transmit it to external servers.
- [COMMAND_EXECUTION]: The skill generates a health report in Markdown format and saves it to a local directory (`./health_check/`). This is a benign file-writing operation for user review.
- [SAFE]: Project health scoring logic is transparently documented in the `SKILL.md` file and implemented via simple shell arithmetic, with no hidden conditional triggers or time-delayed logic observed.
Audit Metadata